From patchwork Fri Oct 9 21:42:01 2015 X-Patchwork-Submitter: Joel Brobecker X-Patchwork-Id: 9031
From: Joel Brobecker To: gdb-patches@sourceware.org Subject: [PATCH 8/8] [Ada] ada_unpack_from_contents: Error if target buffer not large enough Date: Fri, 9 Oct 2015 14:42:01 -0700 Message-Id: <1444426921-19985-9-git-send-email-brobecker@adacore.com> In-Reply-To: <1444426921-19985-1-git-send-email-brobecker@adacore.com> References: <1444426921-19985-1-git-send-email-brobecker@adacore.com> This adds a guard that the size of the "unpacked" buffer is large enough to contain at least BIT_SIZE bits. If not, report an error. This is to guard this routine from doing buffer overflows when called incorrectly. gdb/ChangeLog: * ada-lang.c (ada_unpack_from_contents): Add guard that unpacked is large enough for BIT_SIZE. Update function comment. --- gdb/ChangeLog | 5 +++++ gdb/ada-lang.c | 11 ++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/gdb/ChangeLog b/gdb/ChangeLog index 45e04ae..578aeb8 100644 --- a/gdb/ChangeLog +++ b/gdb/ChangeLog @@ -1,5 +1,10 @@ 2015-10-09 Joel Brobecker + * ada-lang.c (ada_unpack_from_contents): Add guard that unpacked + is large enough for BIT_SIZE. Update function comment. + +2015-10-09 Joel Brobecker + * ada-lang.c (ada_value_primitive_packed_val): Move src_len variable to local block where used. Override BIT_SIZE if bigger than size of resolved type. diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c index b7440e2..97f0c49 100644 --- a/gdb/ada-lang.c +++ b/gdb/ada-lang.c @@ -2383,9 +2383,12 @@ has_negatives (struct type *type) } /* With SRC being a buffer containing BIT_SIZE bits of data at BIT_OFFSET, - unpack that data into UNPACKED. UNPACKED_LEN is the size in bytes of + unpack that data into UNPACKED. UNPACKED_LEN is the size in bytes of the unpacked buffer. + The size of the unpacked buffer (UNPACKED_LEN) is expected to be large + enough to contain at least BIT_OFFSET bits. If not, an error is raised. + IS_BIG_ENDIAN is nonzero if the data is stored in big endian mode, zero otherwise. 
@@ -2417,6 +2420,12 @@ ada_unpack_from_contents (const gdb_byte *src, int bit_offset, int bit_size, the indices move. */ int delta = is_big_endian ? -1 : 1; + /* Make sure that unpacked is large enough to receive the BIT_SIZE + bits from SRC. .*/ + if ((bit_size + HOST_CHAR_BIT - 1) / HOST_CHAR_BIT > unpacked_len) + error (_("Cannot unpack %d bits into buffer of %d bytes"), + bit_size, unpacked_len); + srcBitsLeft = bit_size; src_bytes_left = src_len; unpacked_bytes_left = unpacked_len;
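Review bot: in the function-comment hunk the new sentence says UNPACKED_LEN is expected to hold "at least BIT_OFFSET bits", but the guard this patch adds, the commit message and the ChangeLog entry all talk about BIT_SIZE; please change `enough to contain at least BIT_OFFSET bits` to `enough to contain at least BIT_SIZE bits` so the comment documents the check that is actually performed.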
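Review bot: the guard in the second ada-lang.c hunk has a typo in its closing comment, `bits from SRC. .*/`, which should read `bits from SRC.  */`. The check itself, `(bit_size + HOST_CHAR_BIT - 1) / HOST_CHAR_BIT > unpacked_len`, is the right ceiling conversion from bits to bytes, and turning a too-small destination into an `error` rather than a silent overrun of `unpacked` is the correct outcome for a routine that trusts its callers' sizes; it does not, however, reject a negative BIT_SIZE (the division then yields a value that passes the comparison), so if any caller can hand this function a negative size, consider rejecting `bit_size < 0` in the same condition.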